Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code

Side by Side Diff: README.md

Issue 4810150141493248: Issue 122 - Puppet ENC via Hiera (Closed)
Patch Set: 112 - Integrate run.py and monitoring with Hiera Created Feb. 26, 2015, 5:32 p.m.
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
View unified diff | Download patch
« no previous file with comments | « .hgignore ('k') | Vagrantfile » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 Adblock Plus infrastructure 1 Adblock Plus infrastructure
2 =========================== 2 ===========================
3 3
4 The Adblock Plus infrastructure uses [Puppet](http://puppetlabs.com/) 4 The Adblock Plus infrastructure uses [Puppet](http://puppetlabs.com/)
5 to set up servers, and to have a realistic development environment. 5 to set up servers, and to have a realistic development environment.
6 6
7 Our Puppet manifests are only tested with Ubuntu 12.04 right now. 7 Our Puppet manifests are only tested with Ubuntu 12.04 right now.
8 8
9 Private files 9 Host specific setup
10 ------------- 10 -------------------
11 11
12 Some parts of our infrastructure are, obviously, confidential. We have 12 Some infrastructure parts are specific to the environment (such as e.g.
13 htpasswd files, SSH keys and SSL certificates that we need to be 13 *development*, *test* and *production*) whilst passwords, for example,
14 careful with. 14 are confidential. In order to allow for such specific configuration, the
15 repository requires a set of manual operations during the initial setup:
15 16
16 That's why _modules/private_ is missing, and needs to be placed there 17 ### `modules/private`
17 manually. We provide stub versions of all those files in 18
18 _modules/private-stub_, so just linking or copying that to 19 The `private` module is destined to store confidential information such as
19 _modules/private_ will make everything work locally. 20 [RSA](http://en.wikipedia.org/wiki/RSA_%28cryptosystem%29) keys, `htpasswd`
21 files and so on. The repository provides a `private-stub` module containing
22 defaults suitable for development and testing purpose. One can create a
23 symbolic link to start using the resource:
24
25 # UNIX-oid
26 user@host:~/infrastructure$ ln -s private-stub modules/private
27
28 # Windows
29 C:\infrastructure\> MKLINK /D modules\private private-stub
30
31 When creating a custom version, one may inspect the `modules/private-stub`
32 directory to determine which resources have to be provided.
33
34 ### `hiera/private`
35
36 Analogous to `modules/private`, [Hiera](https://docs.puppetlabs.com/hiera/1/)
37 configuration files specific to the current environment are expected to be
38 found in `hiera/private`. Default resources for development (and testing)
39 purpose are provided within `modules/private-stub/hiera`:
40
41 # UNIX-oid
42 user@host:~/infrastructure$ ln -s ../modules/private-stub/hiera hiera/privat e
43
44 # Windows
45 C:\infrastructure\> MKLINK /D ..\modules\private-stub\hiera hiera\private
46
47 Note that custom versions are recommended to be tracked together with the
48 custom `private` module, if any.
20 49
21 Development environment 50 Development environment
22 ----------------------- 51 -----------------------
23 52
24 As with our other projects, all changes to our infrastructure should 53 As with our other projects, all changes to our infrastructure should
25 be made in a local development environment, and reviewed before 54 be made in a local development environment, and reviewed before
26 deployment. Thanks to Puppet, we can easily set up local VMs that 55 deployment. Thanks to Puppet, we can easily set up local VMs that
27 mirror our production environment. 56 mirror our production environment.
28 57
29 The most convenient way to do this is to use Vagrant, as described 58 The most convenient way to do this is to use Vagrant, as described
30 below. 59 below.
31 60
32 ### Requirements 61 ### Requirements
33 62
34 * [VirtualBox](https://www.virtualbox.org/) 63 * [VirtualBox](https://www.virtualbox.org/)
35 * [Vagrant](http://vagrantup.com/) 64 * [Vagrant](http://vagrantup.com/)
36 * _modules/private_ exists (see above) 65 * Both `modules/private` and `hiera/private` exist (see above)
37 66
38 ### Start a VM 67 ### Start a VM
39 68
40 For each production server, we have a Vagrant VM with the same host 69 For each production server, we have a Vagrant VM with the same host
41 name. 70 name.
42 71
43 To start the _filter1_ VM: 72 To start the _filter1_ VM:
44 73
45 vagrant up filter1 74 vagrant up filter1
46 75
(...skipping 10 matching lines...) Expand all
57 86
58 vagrant ssh server5 87 vagrant ssh server5
59 88
60 If you want to test "real" SSH access you can use the test user account defined 89 If you want to test "real" SSH access you can use the test user account defined
61 in _private-stub_: 90 in _private-stub_:
62 91
63 ssh -i modules/private/files/id_rsa test@10.8.0.100 92 ssh -i modules/private/files/id_rsa test@10.8.0.100
64 93
65 The default password for this user (required for the _sudo_ command) is "test". 94 The default password for this user (required for the _sudo_ command) is "test".
66 95
67 Adding a server 96 Adding a host
68 --------------- 97 -------------
69 98
70 To set up a new server, you should first add it to the development 99 To set up a new host, extend the custom `hiera/private/host.yaml` by another
71 environment and test the setup, then set up a corresponding production 100 `servers:` item, e.g.:
72 server.
73 101
74 ### Development environment 102 # ...
103 custom1:
104 ip: [10.8.0.254]
105 dns: foobar.example.com
106 ssh_public_key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAA...
107 role: codereviewserver
75 108
76 1. Add entries in _Vagrantfile_ and _manifests/vagrant.pp_ 109 See `modules/base/manifests/init.pp`, especially the `explicit_host_record()`
110 named type within class `base`, for more information on the possible option
111 keys and values.
77 112
78 2. Add the host name to one of the manifests imported by 113 Configuring Puppet
79 _manifests/nodes.pp_ 114 ------------------
80 115
81 3. Make sure the server uses the _nagios::client_ class and add a 116 Below please find brief instructions for setting up Puppet on both master
82 _nagios\_host_ to _manifests/monitoringserver.pp_ 117 and agents:
83 118
84 ### Production environment 119 ### Prerequisites
85 120
86 1. Install Ubuntu Server 12.04 LTS 121 1. Install Ubuntu Server 12.04 LTS
87 2. Perform an update and install Puppet 122 2. Perform an update and install Puppet
88 123
89 apt-get -y update && apt-get -y upgrade && apt-get -y install puppet 124 apt-get -y update && apt-get -y upgrade && apt-get -y install puppet
90 125
91 3. Enable pluginsync (Add the following to the _main_ section in 126 3. Enable pluginsync (Add the following to the _main_ section in
92 _/etc/puppet/puppet.conf_) 127 _/etc/puppet/puppet.conf_)
93 128
94 pluginsync=true 129 pluginsync=true
(...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after
168 Monitoring is fully functional in any environment, including development. 203 Monitoring is fully functional in any environment, including development.
169 Here, after bootstrapping the `server4` box, one can access the Nagios GUI 204 Here, after bootstrapping the `server4` box, one can access the Nagios GUI
170 from the host machine via <https://nagiosadmin:nagiosadmin@10.8.0.99/>. 205 from the host machine via <https://nagiosadmin:nagiosadmin@10.8.0.99/>.
171 206
172 The monitoring service of our production environment, however, is accessible 207 The monitoring service of our production environment, however, is accessible
173 via <https://monitoring.adblockplus.org/>. 208 via <https://monitoring.adblockplus.org/>.
174 Add yourself to _files/nagios-htpasswd_ in the _private_ module used on the 209 Add yourself to _files/nagios-htpasswd_ in the _private_ module used on the
175 server, or have someone add you if you don't have access. 210 server, or have someone add you if you don't have access.
176 211
177 212
OLDNEW
« no previous file with comments | « .hgignore ('k') | Vagrantfile » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld